WO2014100788A2 - Managed secure computations on encrypted data - Google Patents

Managed secure computations on encrypted data Download PDF

Info

Publication number
WO2014100788A2
WO2014100788A2 PCT/US2013/077348 US2013077348W WO2014100788A2 WO 2014100788 A2 WO2014100788 A2 WO 2014100788A2 US 2013077348 W US2013077348 W US 2013077348W WO 2014100788 A2 WO2014100788 A2 WO 2014100788A2
Authority
WO
WIPO (PCT)
Prior art keywords
homomorphic
data
computing
computation
encryption scheme
Prior art date
Application number
PCT/US2013/077348
Other languages
English (en)
French (fr)
Other versions
WO2014100788A3 (en
Inventor
Jacob J. LOFTUS
Michael Naehrig
Joppe Willem BOS
Kristin Estella Lauter
Original Assignee
Microsoft Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corporation filed Critical Microsoft Corporation
Priority to EP13821361.6A priority Critical patent/EP2936731B1/en
Priority to CN201380067538.8A priority patent/CN105122721B/zh
Priority to ES13821361.6T priority patent/ES2598298T3/es
Publication of WO2014100788A2 publication Critical patent/WO2014100788A2/en
Publication of WO2014100788A3 publication Critical patent/WO2014100788A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3093Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme

Definitions

  • FHE Fully homomorphic encryption
  • a fully homomorphic encryption scheme to evaluate an encryption standard circuit.
  • a ring-based public key encryption system is fully homomorphic when constructed using well-known lattice problems and/or reduced ciphertexts in order to ensure correctness and security.
  • the fully homomorphic encryption scheme encodes integers by partitioning such integers based upon an encoding parameter such that computations are performed in parallel. [0005] Based upon user input, the fully homomorphic encryption scheme is
  • one or more software/hardware library components select one or more parameters for configuring the encryption scheme to operate efficiently.
  • restricting a cryptographic key space enables higher throughput and reduced memory usage while maintaining security and correctness.
  • a computing device uses a library component to configure the fully homomorphic encryption scheme to perform the computations on the encrypted data.
  • the library component is configured to provide access to homomorphic functionality.
  • One such function performs a mathematical operation on one or more encrypted data items.
  • the library component is extended with additional homomorphic functions that are built upon other homomorphic functions.
  • the library component is configured to process the user's input, sets bounds on computational operations and either executes such operations or issues errors if correctness cannot be assured.
  • the library component informs the user when decrypted output from a homomorphic function is not equal to the result of a same computation on the input had such input been unencrypted.
  • FIG. 1 is a block diagram illustrating an example system for managing secure computations on encrypted data according to one example implementation.
  • FIG. 2 is a flow diagram illustrating example steps for automatically selecting parameters that direct execution of computational operations according to one example implementation.
  • FIG. 3 is a flow diagram illustrating example steps for implementing a leveled homomorphic encryption scheme according to one example implementation.
  • FIG. 4 is a flow diagram illustrating example steps for interacting with a computation service via one or more library components according to one example implementation.
  • FIG. 5 is a block diagram representing example non-limiting networked environments in which various embodiments described herein can be implemented.
  • FIG. 6 is a block diagram representing an example non-limiting computing system or operating environment in which one or more aspects of various embodiments described herein can be implemented.
  • Various aspects of the technology described herein are generally directed towards a library configured to perform computations on encrypted data over a network.
  • Access to the library's functionality may be provided via a network resource, such as a local area network server or a cloud computing environment.
  • the network resource may be untrusted by other computing devices herein referred to as clients.
  • the client may use the library to prevent any adversarial computing device from deciphering the encrypted data during transmission and/or while stored in memory at the network resource.
  • components of the library construct a fully homomorphic encrypted scheme, which may be used to privately outsource computational operations to the network resource when data is being uploaded from distributed computing devices while achieving a certain level of data correctness and security.
  • Some embodiments of the library implement a leveled fully homomorphic encryption scheme based ideal lattice problems, such as the ring learning with errors problem.
  • One example encryption scheme may be based on the quantum hardness of short- vector problems in ideal lattices.
  • the leveled fully homomorphic encryption scheme described herein reduces ciphertext size and eliminates ciphertext expansion in
  • the leveled fully homomorphic encryption scheme also may reduce an overall complexity incurred in homomorphic computation by utilizing separate, small plaintext moduli that are later combined (via the Chinese remainder theorem (CRT)) into a larger plaintext modulus. Such a reduction may result in more efficient plaintext/ciphertext sizes and a lower probability of reaching a maximum amount of computation and/or the like.
  • a data item is first encoded to produce a set of encoded values and then each value is encrypted as a ciphertext. Computations performed on the data item may process each ciphertext individually, which may be facilitated by a small ciphertext size, and combine processing results into a larger ciphertext.
  • encoding integers using a CRT-based technique described herein enhances computation precision since each integer is transformed into to more efficiently-sized (e.g., smaller) integers.
  • the CRT -based technique also enables encoding of large integers by reducing each large integer into smaller integers that are processed separately and combined into a correct result.
  • An Integer up to a bound B may be encoded as a set of integers of which each integer is encoded up to a bound tu
  • Computational operations may be correctly performed on the set of integers given that each modulus is co-prime and the product over all is greater than bound B.
  • Each integer x mod in the set may be encrypted and then, processed in parallel to return encrypted results which are then decrypted/decoded to recover an original integer.
  • FIG. 1 is a block diagram illustrating an example system for managing secure computations on encrypted data according to one example implementation.
  • a plurality of computing devices represented as a plurality of clients 102 in FIG. 2, utilize a network resource 104 to perform various computing tasks.
  • Example components of the example system may further include a library front end 106, running on any example client 102, configured to interact with a library back end 108, running on the network resource 104.
  • the library front end 106 generally refers to a set of functions (e.g., an application programming interface (API)) that communicate various data, instructions, commands and/or the like to a process configured to handle such communications for the network resource 104 as described herein.
  • API application programming interface
  • the network resource 104 facilitates the provision of services, such as computation services, to the example client 102.
  • Various computing devices including a physical machine or virtual machine herein referred to as a server, may operate within the network resource 104 and perform computations on stored data sets, such as an example data set comprising encrypted data 1 10.
  • Example architecture for the network resource 104 decouples dedicated hardware from software such that each hardware/software component may be virtualized into units, which then may be further grouped around functionality.
  • the network resource 104 may automate provisioning and configuration of some units such that each unit performs a portion of the task in parallel.
  • the network resource 104 may configure one or more components of the library back end 108 to operate in various computing environments (e.g., a local computer cluster, a private cloud computing environment, a public cloud computing environment and/or a hybrid computing environment).
  • various computing environments e.g., a local computer cluster, a private cloud computing environment, a public cloud computing environment and/or a hybrid computing environment.
  • the library back end 108 secures the example data set from unauthorized access, modification and/or misappropriation, such as by an untrusted resource .
  • the library front end 108 provides access to an encryption mechanism 112 providing functionality with respect to a homomorphic encryption scheme 114. Such functionality enables a computation module 116 to automatically select parameter data 118 for dynamically executing secure computations on the encryption data 110.
  • one or more components of the library back end 108 evaluate a standard encryption circuit of a particular depth/level correctly and securely.
  • At least some implementations of the homomorphic encryption scheme 114 include a leveled fully homomorphic scheme in which a user inputs a circuit depth/level (e.g., a depth-three (3)/level-four (4) circuit for
  • the library front end 108 may be used to build a private cloud computational service for outsourcing computation on the encrypted data 110.
  • the computation module 116 may be configured to automatically establish bounds on data set size for the encrypted data. These bounds may be determined based upon user inputs including desired security level, one or more computational operations, amount and type of data to be handled and/or the like. Each computational operation may refer to a single homomorphic function or a series of such functions. An example homomorphic function may be configured to evaluate encryption circuits, such as through addition or multiplication of ciphertexts. One example implementation of the computation operation combines these functions to provide additional functionality, such as for statistical purposes, predictive modeling, machine learning and/or the like.
  • the user via the library front end 106, may instruct the library back end 108 to use the addition and/or multiplication functions to compute a mean, a standard deviation, regression values and other statistical data.
  • the library front end 106 may be programmed to use homomorphic evaluation functions to initialize and/or train a linear classifier.
  • Example techniques include reducing a ciphertext size/space and/or a plaintext message size/space by a modulus factor, restricting a cryptographic key space to a bounded distribution, encoding polynomial ring elements using a Chinese Remainder Theorem (CRT)-based technique and so forth.
  • CRT Chinese Remainder Theorem
  • a bounded cryptographic key distribution, from which polynomial ring elements representing cryptographic keys are sampled, for instance, may accomplish key space restriction. Encoding an integer data item, including a large integer, as a collection of smaller integers enables efficient computations on that integer data item.
  • the ring learning with errors (RLWE) assumption which is related to the learning with errors (LWE) assumption, refers to preventing an adversary from distinguishing one sequence of samples from random pairs of polynomial ring elements.
  • the polynomial ring elements may refer to any type of polynomial, such as a cyclotomic polynomial.
  • a cyclotomic polynomial By being unable to discern one polynomial from another polynomial, without substantial computing power and time, the adversary cannot reasonably decode computation results based on input polynomials. It is well-understood the RLWE assumption may be reduced to the worst case hardness of short-vector problems on ideal lattices.
  • each element may be encoded using an encoding parameter such that an encoded vector of polynomial coefficients is identical or invertible to the original polynomial.
  • the homomorphic encryption scheme 114 reduces polynomial coefficients modulus q to produce the encoded vector.
  • the encryption mechanism 112 may configure the homomorphic encryption scheme 1 14 to map each element in R to an integer within an integer domain of size q. Generally, such a mapping may be expressed as function r q (a) to denote reduction of element a to interval [0, q).
  • the encryption mechanism 112 samples cryptographic keys and/or random error polynomials from Gaussian distributions in each distribution is of a different width and may be bounded to a specific interval.
  • a bounded Gaussian cryptographic key distribution represents a restricted key space from which efficient cryptographic keys are generated.
  • a set of cryptographic keys may include a public and a private key derived from a Bkey-bounded distribution; whereas, errors are deduced from a Ben-bounded distribution.
  • Some example implementations of the homomorphic encryption scheme 114 also generate another cryptographic key referred to as an evaluation key.
  • the library back end 108 may generate ciphertexts that only map to a single ring element in contrast to the two or more as dictated in pure ring learning with errors (RLWE) based schemes. Evaluating the homomorphic encryption scheme 114, in addition, results in little or no ciphertext expansion while executing homomorphic multiplication.
  • the encryption mechanism 112 may rely on a decisional small polynomial ratio (DSPR) assumption to extend a basic construction of the homomorphic encryption scheme 114. For instance, by using a tensoring technique, the homomorphic encryption scheme 1 14 ensures that the public key distribution is statistically similar to a uniform distribution provided that the cryptographic key elements are sampled from Gaussian distributions of sufficient width.
  • DSPR decisional small polynomial ratio
  • FIG. 2 is a flow diagram illustrating example steps for automatically selecting parameters for configuring execution of computational operations according to one example implementation.
  • One or more hardware/software components e.g., of the library back end 108 of FIG. 1 may be configured to perform the example steps. Such components may form at least a portion of a library facilitating secure computations of encrypted data on behalf of a computing device user operating a client.
  • One example implementation includes a structural representation of a ring R, such as a polynomial ring.
  • R Z[X]/ ⁇ ( ⁇ ) as the ring of polynomials with integer coefficients modulo the d-th cyclotomic polynomial ⁇ ( ⁇ ) £ Z[X].
  • the elements of R may be represented by all polynomials in Z[X] of degree less than n.
  • Elements of ring R are of arithmetic modulo ⁇ ( ⁇ ), which is implicit whenever terms or equalities involving elements in R are described herein.
  • a vector of coefficients may represent an arbitrary element a £ R as (ai, a 2 , a 3 ,. .. , a n -i) where 3 ⁇ 4 E TL.
  • a polynomial for a may be expressed as follows:
  • element a can be viewed as an element of the M-vector space W.
  • the example library component selects a maximum norm on W to measure the size of elements in R.
  • One example implementation of the maximum norm of a may be computed as follows:
  • be a probability distribution on R according to which elements are sampled from R. Using notation a ⁇ — ⁇ to denote that a £ R is sampled, the distribution ⁇ on R is
  • a discrete Gaussian distribution ⁇ , ⁇ may be designed with a mean zero(0) and a standard deviation ⁇ over the integer set, which assigns a probability proportional to ⁇ (- ⁇
  • Step 202 commences the example steps of FIG. 2 and proceeds to step 204 where one or more library components for performing computational operations on the encrypted data are provided to the client.
  • an example library component comprises instructions configured to compute a set of homomorphic functions, including linear algebra functions (e.g., vector dot product, matrix
  • Step 206 refers to user input processing and parameter generation with respect to executing a set of computational operations.
  • Some user input may indicate a desired security level, a data set size, a computation precision and/or the like.
  • the example library component selects parameters to dynamically configure execution of the set of computational operations while rendering secure and correct computation results.
  • One example parameter includes a specific modulus, referred to as modulus q, having a variable or fixed size (e.g., 128-bit or 1024-bit) and being a power of two or, alternatively, being a Mersenne prime.
  • modulus q a specific modulus
  • modulus q having a variable or fixed size (e.g., 128-bit or 1024-bit) and being a power of two or, alternatively, being a Mersenne prime.
  • Another example parameter involves setting a degree n of an evaluation polynomial ⁇ equal to (p(d).
  • the example library component may, alternatively, use pre-determined parameter data, such as a base field and dimension of ideal lattices.
  • the example library component may modify the parameter data to adapt to new bounds and estimates, assuring correctness and security. Automatically selecting these and/or other parameters prevent substantial inherent noise from causing inaccurate evaluation when executing the computational operations.
  • Step 208 determines whether a noise estimate for the set of computational operations is acceptable.
  • the distribution ⁇ is used in many fully homomorphic encryption schemes based upon the ring learning with errors (RLWE) problem
  • an inherent noise term of small norm allows recovery of plaintext (e.g., decrypted data) from ciphertext (e.g., encrypted data)
  • ciphertext e.g., encrypted data
  • a bound on the inherent noise in a ciphertext assuming key and error distributions are bounded, ensures correctness in the homomorphic encryption scheme described herein.
  • the distribution ⁇ is B-bounded for some B.
  • step 208 By computing at least one bound for the noise estimate, the example library component establishes a particular level of computational security and correctness. If the noise estimate fails to satisfy the at least one bound, step 208 proceeds to step 216 where the example steps depicted in FIG. 2 end. If the noise estimate complies with the inherent noise bound, step 208 proceeds to step 210.
  • Step 210 is directed to a transformation between each computational operation and structured homomorphic functions. As an example, computing an average or mean in a set involves a series of homomorphic additions. As another example, computing a dot product between vectors of size N involves N homomorphic multiplications and N-l homomorphic additions.
  • Step 212 executes the structured homomorphic functions. It is appreciated that other implementations may have only one homomorphic function to execute at step 212. Nonetheless, during such execution, the example library component updates the noise estimate and/or inherent noise bound. If the noise estimate exceeds the inherent noise bound, according to one example implementation, the example library component issues errors and/or reconfiguration messages, for example, when a specific (e.g., maximum) amount of computation is reached or if a considerably large data set is entered. Upon completion of the execution of the structured homomorphic functions, the example library component performs step 214 and communicates encrypted results to the client. Step 216 terminates the example steps described herein with respect to FIG. 2.
  • FIG. 3 is a flow diagram illustrating example steps for implementing a leveled homomorphic encryption scheme according to one example implementation. As described herein, such an encryption scheme may provide a user with provably secure proofs.
  • the example steps may refer to following leveled homomorphic encryption scheme as constructed by one or more hardware/software components (e.g., of the library back end 108 of FIG.1).
  • Such a scheme is parameterized by a modulus q and a plaintext modulus t where 1 ⁇ t ⁇ q.
  • Appropriate selections of moduli t and q and/or a cyclotomic evaluation polynomial ⁇ ( ⁇ ) defining R facilitate data confidentiality and computational correctness.
  • Step 302 commences the example steps of FIG. 3 and proceeds to step 304 where one or more library components access a data set and generate a set of cryptographic keys based on automatically selected parameters.
  • the modulus q may be generalized to a specific power of two (e.g., 128-bit or 1024-bit).
  • Another example parameter involves setting a degree n of the evaluation polynomial ⁇ equal to cp(d) based upon a user inputted security parameter.
  • a Gaussian distribution may be Bkey bounded within a certain number of standard deviations.
  • Bkey 1, even when the polynomials f ', g have coefficients in ⁇ -1, 0, 1 ⁇ and the public key h is equal to [tgf J ]q, the public key h remains indistinguishable from a key sampled from a uniform distribution.
  • the high probability bound on the size of the coefficients of errors drawn from Gaussian distributions may be selected as 6 ⁇ .
  • Step 306 refers to encoding certain data items within the data set.
  • a data item includes plaintext data mapping to a set of integer coefficients of a representative polynomial in R.
  • the example library component may employ a well-known Chinese Remainder Theorem to determine a modulus q for encoding the plaintext data prior to encryption. Because the polynomial f described herein is invertible modulo q, polynomial coefficients may be reduced by an integer modulo q. Thus, a map [-] q may reduce an integer x modulo q to a result and represents that result by an element in the interval (-q/2, q/2]. The map [-] q may be extended to polynomials in Z[X] and R by separately applying an appropriate map entry to each coefficient as denoted by the following:
  • the above notation may be modified for vectors of polynomials by applying mappings to vectors entries separately.
  • One alternative implementation uses reduction integer x modulo q to represent any vector coefficient as an element in [0, q).
  • a modulus q that is used to reduce the coefficients of the elements that represent ciphertexts
  • a second modulus t ⁇ q determines a space defined by R/tR (e.g., referred to as a message space), representing plaintext/decrypted data as polynomials in R modulo t.
  • Step 308 refers to encrypting the encoded data items using a leveled
  • homomorphic encryption scheme corresponds to homomorphic function referred to as Encrypt(pk, m) for encrypting a plaintext message m where a plaintext message space is defined as R/tR and refers the ring of polynomials in R modulo t:
  • One example embodiment of the leveled homomorphic encryption scheme described herein includes a word length w (e.g., a positive integer w > 1) used to represent integers in a radix-w system.
  • w e.g., a positive integer w > 1
  • ciphertext messages may be partitioned by word w size and after applying a homomorphic function to each portion, the leveled homomorphic encryption scheme combines each portion into a resulting ciphertext message.
  • the following instructions correspond to an example function referred to as KeyGen(d,q,t,Xkey,Xerr,w) that generates a private key, a public key and an evaluation key:
  • An alternative to the above implementations includes a leveled fully
  • Step 310 represents basic homographic function production.
  • the example library component uses parameter data to complete configuration of various homographic function specifications.
  • One example homomorphic function refers to an Add(ci,c 2 ) function defined to compute an addition of input ciphertexts cl ,c2 with the following equation:
  • Another example homomorphic function includes a Mult (ci,c 2 ) function that computes a multiplication of input ciphertexts ci,c 2 using an evaluation key evk with the following equation:
  • a KeySwitch function transforms the ciphertext c muit encrypting the product [mim 2 ]t of plaintext ml and m2, which is recoverable using the evaluation key evk, into a ciphertext Cmuit that is capable of being decrypted with the original private key pk.
  • the example library component employs a known key- switching function to build homomorphic multiplication functions.
  • the example library component may utilize other software/hardware components to perform a modulus reduction where polynomial coefficients are scaled down by a factor, such as a reduction by modulo q.
  • the modulus reduction homomorphic function may be applied to any set of polynomial coefficients in ring R, including plaintext (e.g., decrypted) data and/or ciphertext (e.g., decrypted) data. Accordingly, an original set of coefficients and an encoded set of coefficients are congruent to each other modulo q where q may be equal to two (2), a power of 2, a prime number and or the like).
  • Such a function may be employed to encode the plaintext data prior to encryption, which limits ciphertext size, reduces inherent noise (e.g., magnitude), improve computation latency and/or provide additional benefits.
  • a congruency between an original plaintext (message m) and an encoded plaintext (encoded message m') may be expressed via the following equation:
  • Step 312 is directed to building other homographic functions.
  • the example library component may utilize software/hardware components to perform a linear algebra function.
  • One example homomorphic function performs a dot product operation of the plaintext message comprising a set of vector coefficients in R with another set of vector coefficients in R.
  • the example library component builds upon instances of such a dot product homomorphic function to provide homomorphic matrix multiplication functionality where each matrix entry comprises a set of vector coefficients in R.
  • a noise estimate homomorphic function may estimate an inherent noise magnitude and project the influence such noise on the security or correctness future computations.
  • Yet another example homomorphic function computes a noise estimate indicating the noise magnitude when encrypting the plaintext into the ciphertext.
  • This function may couple the noise estimate to the ciphertext with the ring R.
  • this function computes a noise estimate associated with an execution of any other
  • homomorphic function including any of the functions described herein, such as Add() or Mult(), or other homomorphic functions, such as those corresponding to implementing other encryption schemes.
  • a corresponding noise term v a dd is bounded according to expression
  • noise terms described above are directed towards homomorphic addition and multiplication, but such terms may be interpolated when deducing bounds for
  • ciphertexts at each level are assumed to have inherent noise terms substantially equal in magnitude. Such an assumption may approximate unbalanced inherent noise terms, which results in accurate noise bound estimates.
  • the example library component may build a structure comprising a series of Mult() functions that are executed iteratively.
  • a homomorphic rounding function may involve a considerable number of consecutive multiplications.
  • the leveled homomorphic scheme may utilize scaling by rational numbers such that the resulting polynomials have rational coefficients instead of integer coefficients.
  • the rounding function reverts the rational coefficients back into the corresponding integer coefficients.
  • Step 314 refers to providing a plurality of clients (e.g., computing devices) with access to the homographic functions. Via the example library component, any client may interact with and use embodiments of the other homomorphic functions through hardware mechanisms (e.g., microprocessor instruction sets) and/or software mechanisms (e.g., driver-based software libraries). Step 316 terminates the example steps of FIG. 3.
  • AES functions e.g., AddKey, SubBytes, ShiftRows, MixColumns and/or the like
  • Step 314 refers to providing a plurality of clients (e.g., computing devices) with access to the homographic functions. Via the example library component, any client may interact with and use embodiments of the other homomorphic functions through hardware mechanisms (e.g., microprocessor instruction sets) and/or software mechanisms (e.g., driver-based software libraries).
  • Step 316 terminates the example steps of FIG. 3.
  • FIG. 4 is a flow diagram illustrating example steps for interacting with a computation service via one or more library components according to one example implementation.
  • the computation service provides access to certain software/hardware- based functionality available on a network resource (e.g., a private cloud computing resource).
  • a user operating a computing device referred to herein as a client, may use the computation service to automatically configure a leveled fully homomorphic encryption scheme to effectuate these secure computations.
  • an example library component e.g., a library front end 106 of FIG. 1
  • a library front end 106 of FIG. 1 may be configured to perform at least some of the example steps by initiating secure computations on encrypted data and/or analyzing any results from such
  • Step 302 commences the example steps and proceeds to step 304 where a security parameter is established.
  • the security parameter defines certain desired settings, including a depth level for a standardized encryption circuit.
  • the user may request 128-bit fully homomorphic encryption on an AES circuit of depth level N (e.g., 3).
  • N depth level
  • the user may indicate a level of correctness, for example, in terms of precision, and/or security, for example, in terms of
  • the computation service returns a set of additional parameters for configuring the leveled fully homomorphic encryption scheme in a manner that substantially satisfies the security parameter.
  • Step 406 refers to using the computation service to encrypt data items of a data set.
  • the example library component may instruct the computation service to encode each encrypted data item such that the adversary cannot distinguish between that data item and another random data item.
  • Step 408 selects a computational operation for the computation service to perform. Accordingly, step 408 proceeds to issue a command via step 410, step 412 and/or step 414. If the computation operation refers to a homomorphic addition function, step 408 proceeds to step 410. If the command is directed towards a homomorphic multiplication function, step 408 proceeds to step 412. If the user desires results from another homomorphic function, step 408 proceeds to step 414.
  • some computation operations may include a single homomorphic function, other computational operations involve executing structured homomorphic functions in which an arrangement of function calls perform any type of mathematical computation. For instance, a series of function calls may be configured to train a linear classifier.
  • Step 416 determines whether to process computation results or perform another computational operation. Step 416 returns to step 408 if, for example, the client is running a process engaged in a continuous computations, such as an online machine learning application. Step 416 proceeds to step 418, however, when the computation results are to be analyzed. Because both the encrypted and the computation results remain in an encrypted state throughout the computational operation, the encryption scheme prevents an untrusted resource from deciphering the encrypted data during transmission and/or storage. An adversary on an untrusted host server or otherwise connected to the client, for instance, cannot distinguish between two additions of random data item pairs. Step 418 refers to the example library component using the computation service to decrypt the encrypted computation results. Step 420 terminates the example steps depicted in FIG. 4.
  • the various embodiments and methods described herein can be implemented in connection with any computer or other client or server device, which can be deployed as part of a computer network or in a distributed computing environment, and can be connected to any kind of data store or stores.
  • the various embodiments described herein can be implemented in any computer system or environment having any number of memory or storage units, and any number of applications and processes occurring across any number of storage units. This includes, but is not limited to, an environment with server computers and client computers deployed in a network environment or a distributed computing environment, having remote or local storage.
  • Distributed computing provides sharing of computer resources and services by communicative exchange among computing devices and systems. These resources and services include the exchange of information, cache storage and disk storage for objects, such as files. These resources and services also include the sharing of processing power across multiple processing units for load balancing, expansion of resources, specialization of processing, and the like. Distributed computing takes advantage of network connectivity, allowing clients to leverage their collective power to benefit the entire enterprise. In this regard, a variety of devices may have applications, objects or resources that may participate in the resource management mechanisms as described for various embodiments of the subject disclosure.
  • FIG. 5 provides a schematic diagram of an example networked or distributed computing environment.
  • the distributed computing environment comprises computing objects 510, 512, etc., and computing objects or devices 520, 522, 524, 526, 528, etc., which may include programs, methods, data stores, programmable logic, etc. as represented by example applications 530, 532, 534, 536, 538.
  • computing objects 510, 512, etc. and computing objects or devices 520, 522, 524, 526, 528, etc. may comprise different devices, such as personal digital assistants (PDAs), audio/video devices, mobile phones, MP3 players, personal computers, laptops, etc.
  • PDAs personal digital assistants
  • Each computing object 510, 512, etc. and computing objects or devices 520, 522, 524, 526, 528, etc. can communicate with one or more other computing objects 510, 512, etc. and computing objects or devices 520, 522, 524, 526, 528, etc. by way of the communications network 540, either directly or indirectly.
  • communications network 540 may comprise other computing objects and computing devices that provide services to the system of FIG. 5, and/or may represent multiple interconnected networks, which are not shown.
  • an application such as applications 530, 532, 534, 536, 538, that might make use of an API, or other object, software, firmware and/or hardware, suitable for communication with or implementation of the application provided in accordance with various embodiments of the subject disclosure.
  • computing systems can be connected together by wired or wireless systems, by local networks or widely distributed networks.
  • networks are coupled to the Internet, which provides an infrastructure for widely distributed computing and encompasses many different networks, though any network infrastructure can be used for example communications made incident to the systems as described in various embodiments.
  • client/server peer-to-peer
  • hybrid architectures a host of network topologies and network infrastructures, such as client/server, peer-to-peer, or hybrid architectures.
  • the "client” is a member of a class or group that uses the services of another class or group to which it is not related.
  • a client can be a process, e.g., roughly a set of instructions or tasks, that requests a service provided by another program or process.
  • the client process utilizes the requested service without having to "know” any working details about the other program or the service itself.
  • a client is usually a computer that accesses shared network resources provided by another computer, e.g., a server.
  • a server e.g., a server
  • computing objects or devices 520, 522, 524, 526, 528, etc. can be thought of as clients and computing objects 510, 512, etc.
  • computing objects 510, 512, etc. acting as servers provide data services, such as receiving data from client computing objects or devices 520, 522, 524, 526, 528, etc., storing of data, processing of data, transmitting data to client computing objects or devices 520, 522, 524, 526, 528, etc., although any computer can be considered a client, a server, or both, depending on the circumstances.
  • a server is typically a remote computer system accessible over a remote or local network, such as the Internet or wireless network infrastructures.
  • the client process may be active in a first computer system, and the server process may be active in a second computer system, communicating with one another over a communications medium, thus providing distributed functionality and allowing multiple clients to take advantage of the information-gathering capabilities of the server.
  • the computing objects 510, 512, etc. can be Web servers with which other computing objects or devices 520, 522, 524, 526, 528, etc. communicate via any of a number of known protocols, such as the hypertext transfer protocol (HTTP).
  • HTTP hypertext transfer protocol
  • Computing objects 510, 512, etc. acting as servers may also serve as clients, e.g., computing objects or devices 520, 522, 524, 526, 528, etc., as may be characteristic of a distributed computing environment.
  • Embodiments can partly be implemented via an operating system, for use by a developer of services for a device or object, and/or included within application software that operates to perform one or more functional aspects of the various embodiments described herein.
  • Software may be described in the general context of computer executable instructions, such as program modules, being executed by one or more computers, such as client workstations, servers or other devices.
  • computers such as client workstations, servers or other devices.
  • client workstations such as client workstations, servers or other devices.
  • FIG. 6 thus illustrates an example of a suitable computing system environment 600 in which one or aspects of the embodiments described herein can be implemented, although as made clear above, the computing system environment 600 is only one example of a suitable computing environment and is not intended to suggest any limitation as to scope of use or functionality. In addition, the computing system environment 600 is not intended to be interpreted as having any dependency relating to any one or
  • an example remote device for implementing one or more embodiments includes a general purpose computing device in the form of a computer 610.
  • Components of computer 610 may include, but are not limited to, a processing unit 620, a system memory 630, and a system bus 622 that couples various system components including the system memory to the processing unit 620.
  • Computer 610 typically includes a variety of computer readable media and can be any available media that can be accessed by computer 610.
  • the system memory 630 may include computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and/or random access memory (RAM).
  • ROM read only memory
  • RAM random access memory
  • system memory 630 may also include an operating system, application programs, other program modules, and program data.
  • a user can enter commands and information into the computer 610 through input devices 640.
  • a monitor or other type of display device is also connected to the system bus 622 via an interface, such as output interface 650.
  • computers can also include other peripheral output devices such as speakers and a printer, which may be connected through output interface 650.
  • the computer 610 may operate in a networked or distributed environment using logical connections to one or more other remote computers, such as remote computer 670.
  • the remote computer 670 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, or any other remote media consumption or transmission device, and may include any or all of the elements described above relative to the computer 610.
  • the logical connections depicted in Fig. 6 include a network 672, such local area network (LAN) or a wide area network (WAN), but may also include other networks/buses.
  • LAN local area network
  • WAN wide area network
  • Such networking environments are commonplace in homes, offices, enterprise-wide computer networks, intranets and the Internet.
  • a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer.
  • an application running on computer and the computer can be a component.
  • One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Electromagnetism (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
PCT/US2013/077348 2012-12-21 2013-12-21 Managed secure computations on encrypted data WO2014100788A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP13821361.6A EP2936731B1 (en) 2012-12-21 2013-12-21 Managed secure computations on encrypted data
CN201380067538.8A CN105122721B (zh) 2012-12-21 2013-12-21 用于管理针对加密数据的托管安全计算的方法和系统
ES13821361.6T ES2598298T3 (es) 2012-12-21 2013-12-21 Cálculos seguros gestionados, sobre datos cifrados

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/723,879 US9306738B2 (en) 2012-12-21 2012-12-21 Managed secure computations on encrypted data
US13/723,879 2012-12-21

Publications (2)

Publication Number Publication Date
WO2014100788A2 true WO2014100788A2 (en) 2014-06-26
WO2014100788A3 WO2014100788A3 (en) 2014-08-21

Family

ID=49956476

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2013/077348 WO2014100788A2 (en) 2012-12-21 2013-12-21 Managed secure computations on encrypted data

Country Status (5)

Country Link
US (2) US9306738B2 (zh)
EP (1) EP2936731B1 (zh)
CN (1) CN105122721B (zh)
ES (1) ES2598298T3 (zh)
WO (1) WO2014100788A2 (zh)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017193108A3 (en) * 2016-05-06 2018-07-26 ZeroDB, Inc. Encryption for distributed storage and processing
CN114073037A (zh) * 2019-05-09 2022-02-18 谷歌有限责任公司 Rlwe明文的压缩和未察觉地扩展
CN116208316A (zh) * 2023-04-27 2023-06-02 蓝象智联(杭州)科技有限公司 节约存储空间的半同态加密方法、装置及存储介质
US20230185800A1 (en) * 2021-12-14 2023-06-15 International Business Machines Corporation Secure database-as-a-service system

Families Citing this family (82)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012149395A1 (en) * 2011-04-29 2012-11-01 International Business Machines Corporation Fully homomorphic encryption
US9281941B2 (en) * 2012-02-17 2016-03-08 International Business Machines Corporation Homomorphic evaluation including key switching, modulus switching, and dynamic noise management
US10341086B2 (en) * 2013-01-29 2019-07-02 Nec Corporation Method and system for providing encrypted data for searching of information therein and a method and system for searching of information on encrypted data
US9355377B2 (en) * 2013-06-25 2016-05-31 Sap Se Carbon dioxide emissions optimized secure cloud computing
US9800517B1 (en) * 2013-10-31 2017-10-24 Neil Anderson Secure distributed computing using containers
WO2015130297A1 (en) 2014-02-28 2015-09-03 Empire Technology Development Llc Homomorphic encryption scheme
US10075288B1 (en) * 2014-02-28 2018-09-11 The Governing Council Of The University Of Toronto Systems, devices, and processes for homomorphic encryption
KR102251697B1 (ko) * 2014-04-23 2021-05-14 삼성전자주식회사 암호화 장치, 암호화 방법 및 컴퓨터 판독가능 기록매체
US9819650B2 (en) 2014-07-22 2017-11-14 Nanthealth, Inc. Homomorphic encryption in a healthcare network environment, system and methods
CN105447361B (zh) * 2014-08-27 2018-08-21 华为技术有限公司 加密和相似性度量的方法、终端及服务器
US9946970B2 (en) 2014-11-07 2018-04-17 Microsoft Technology Licensing, Llc Neural networks for encrypted data
US9825758B2 (en) * 2014-12-02 2017-11-21 Microsoft Technology Licensing, Llc Secure computer evaluation of k-nearest neighbor models
US9787647B2 (en) * 2014-12-02 2017-10-10 Microsoft Technology Licensing, Llc Secure computer evaluation of decision trees
US10333696B2 (en) 2015-01-12 2019-06-25 X-Prime, Inc. Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency
JP6370230B2 (ja) * 2015-01-23 2018-08-08 Kddi株式会社 秘密計算制御装置、秘密計算制御方法及び秘密計算制御プログラム
US10153894B2 (en) 2015-11-05 2018-12-11 Microsoft Technology Licensing, Llc Homomorphic encryption with optimized encoding
US10075289B2 (en) 2015-11-05 2018-09-11 Microsoft Technology Licensing, Llc Homomorphic encryption with optimized parameter selection
US10116437B1 (en) * 2015-12-14 2018-10-30 Ingram Micro, Inc. Method for protecting data used in cloud computing with homomorphic encryption
US9900147B2 (en) 2015-12-18 2018-02-20 Microsoft Technology Licensing, Llc Homomorphic encryption with optimized homomorphic operations
US9876636B2 (en) 2016-01-07 2018-01-23 Empire Technology Development Llc Homomorphic public-key encryption scheme
FR3048102B1 (fr) * 2016-02-24 2018-03-09 Commissariat A L'energie Atomique Et Aux Energies Alternatives Methode d'execution confidentielle d'un programme operant sur des donnees chiffrees par un chiffrement homomorphe
US20170293913A1 (en) * 2016-04-12 2017-10-12 The Governing Council Of The University Of Toronto System and methods for validating and performing operations on homomorphically encrypted data
WO2017194469A1 (en) * 2016-05-13 2017-11-16 Abb Schweiz Ag Secure remote aggregation
US10296709B2 (en) 2016-06-10 2019-05-21 Microsoft Technology Licensing, Llc Privacy-preserving genomic prediction
CN106209371B (zh) * 2016-07-25 2019-05-03 青岛大学 应用于rsa算法生成密钥的外包方法
US10333695B2 (en) * 2016-11-10 2019-06-25 Microsoft Technology Licensing, Llc Rational number arithmetic in homomorphic encryption
EP3334083A1 (en) * 2016-12-08 2018-06-13 Gemalto SA Method of rsa signature or decryption protected using a homomorphic encryption
US10812252B2 (en) 2017-01-09 2020-10-20 Microsoft Technology Licensing, Llc String matching in encrypted data
JP6522263B2 (ja) * 2017-01-18 2019-05-29 三菱電機株式会社 準同型演算装置、暗号システム及び準同型演算プログラム
US10542039B2 (en) * 2017-02-08 2020-01-21 Nicira, Inc. Security against side-channel attack in real-time virtualized networks
US10742413B2 (en) * 2017-04-25 2020-08-11 International Business Machines Corporation Flexible verifiable encryption from lattices
CN106921484B (zh) * 2017-05-02 2018-06-29 北京邮电大学 一种基于非交换代数结构的乘法同态映射构造方法及装置
US10630655B2 (en) * 2017-05-18 2020-04-21 Robert Bosch Gmbh Post-quantum secure private stream aggregation
US10491373B2 (en) * 2017-06-12 2019-11-26 Microsoft Technology Licensing, Llc Homomorphic data analysis
US11196539B2 (en) 2017-06-22 2021-12-07 Microsoft Technology Licensing, Llc Multiplication operations on homomorphic encrypted data
US10541805B2 (en) * 2017-06-26 2020-01-21 Microsoft Technology Licensing, Llc Variable relinearization in homomorphic encryption
US10749665B2 (en) 2017-06-29 2020-08-18 Microsoft Technology Licensing, Llc High-precision rational number arithmetic in homomorphic encryption
US10333698B2 (en) * 2017-07-14 2019-06-25 Raytheon Company Entwined encryption and error correction
WO2019018046A1 (en) * 2017-07-17 2019-01-24 Hrl Laboratories, Llc EXTRACTOR OF PRACTICAL REUSABLE APPROXIMATE VALUES BASED ON ERROR ASSUMPTION HYPOTHESIS AND RANDOM ORACLE
US10581604B2 (en) * 2017-10-17 2020-03-03 Comsats Institute Of Information Technology Post-quantum cryptographic communication protocol
JP2021502636A (ja) * 2017-11-09 2021-01-28 エヌチェーン ホールディングス リミテッドNchain Holdings Limited 検証可能な計算のためのcライクなスマートコントラクトの算術的強化
US11461435B2 (en) 2017-12-18 2022-10-04 University Of Central Florida Research Foundation, Inc. Techniques for securely executing code that operates on encrypted data on a public computer
US11032061B2 (en) * 2018-04-27 2021-06-08 Microsoft Technology Licensing, Llc Enabling constant plaintext space in bootstrapping in fully homomorphic encryption
US11374736B2 (en) * 2018-06-20 2022-06-28 Clemson University System and method for homomorphic encryption
CN108933650B (zh) * 2018-06-28 2020-02-14 阿里巴巴集团控股有限公司 数据加解密的方法及装置
CN108718231B (zh) * 2018-07-04 2023-05-23 深圳大学 一种全同态加密方法、装置和计算机可读存储介质
US11177935B2 (en) * 2018-08-31 2021-11-16 Microsoft Technology Licensing, Llc Homomorphic evaluation of tensor programs
DE102018122278A1 (de) * 2018-09-12 2020-03-12 Infineon Technologies Ag Ausführen einer kryptographischen Operation
FR3086090B1 (fr) * 2018-09-17 2022-01-14 Commissariat Energie Atomique Methode de traitement confidentiel de logs d'un systeme d'information
JP6916770B2 (ja) * 2018-09-27 2021-08-11 Kddi株式会社 秘匿計算装置、秘匿計算方法及び秘匿計算プログラム
US11055433B2 (en) 2019-01-03 2021-07-06 Bank Of America Corporation Centralized advanced security provisioning platform
JP7073295B2 (ja) * 2019-03-27 2022-05-23 Kddi株式会社 秘匿計算装置、秘匿計算方法及び秘匿計算プログラム
CN110113505B (zh) * 2019-04-24 2020-11-03 湖北工业大学 一种基于中国剩余定理的低扰动信息安全隐写编码方法
US11381381B2 (en) * 2019-05-31 2022-07-05 Intuit Inc. Privacy preserving oracle
US11436340B2 (en) 2019-06-24 2022-09-06 Bank Of America Corporation Encrypted device identification stream generator for secure interaction authentication
US10790961B2 (en) * 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
US11323255B2 (en) * 2019-08-01 2022-05-03 X-Logos, LLC Methods and systems for encryption and homomorphic encryption systems using Geometric Algebra and Hensel codes
US11431470B2 (en) * 2019-08-19 2022-08-30 The Board Of Regents Of The University Of Texas System Performing computations on sensitive data while guaranteeing privacy
US11539517B2 (en) * 2019-09-09 2022-12-27 Cisco Technology, Inc. Private association of customer information across subscribers
US11562267B2 (en) 2019-09-14 2023-01-24 Oracle International Corporation Chatbot for defining a machine learning (ML) solution
US12118474B2 (en) 2019-09-14 2024-10-15 Oracle International Corporation Techniques for adaptive pipelining composition for machine learning (ML)
US11663523B2 (en) 2019-09-14 2023-05-30 Oracle International Corporation Machine learning (ML) infrastructure techniques
US11475374B2 (en) 2019-09-14 2022-10-18 Oracle International Corporation Techniques for automated self-adjusting corporation-wide feature discovery and integration
CA3059032A1 (en) * 2019-10-17 2021-04-17 The Toronto-Dominion Bank Homomorphic encryption of communications involving voice-enabled devices in a distributed computing environment
US20210150037A1 (en) * 2019-11-15 2021-05-20 International Business Machines Corporation Secure Federation of Distributed Stochastic Gradient Descent
KR20210081471A (ko) 2019-12-23 2021-07-02 삼성전자주식회사 프로그램 코드를 저장하는 비일시적 컴퓨터 판독가능 매체, 복호화 장치, 및 암호화 장치와 복호화 장치를 포함하는 통신 시스템
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities
JP7121194B2 (ja) 2020-02-14 2022-08-17 グーグル エルエルシー セキュアマルチパーティリーチおよび頻度推定
FI130368B (fi) * 2020-03-31 2023-07-28 Amer Sports Digital Services Oy Sukellusinformaation hallinta
US11558172B2 (en) * 2020-04-22 2023-01-17 Samsung Electronics Co., Ltd. Encryption method and apparatus based on homomorphic encryption using composition of functions
KR102444193B1 (ko) * 2020-04-29 2022-09-19 국방과학연구소 Ring-LWR기반 양자내성 서명 방법 및 그 시스템
KR20210135075A (ko) 2020-05-04 2021-11-12 삼성전자주식회사 동형 암복호화 장치, 상기 장치를 포함하는 시스템, 및 동형 암복호화의 수행 방법
US11671239B2 (en) * 2020-05-08 2023-06-06 Samsung Electronics Co., Ltd. Encryption method and apparatus based on homomorphic encryption using odd function property
US11637700B2 (en) * 2020-08-14 2023-04-25 Samsung Electronics Co., Ltd. Method and apparatus with encryption based on error variance in homomorphic encryption
US11405176B2 (en) * 2020-09-18 2022-08-02 Intel Corporation Homomorphic encryption for machine learning and neural networks using high-throughput CRT evaluation
US20220094518A1 (en) * 2020-09-18 2022-03-24 Intel Corporation Low circuit depth homomorphic encryption evaluation
KR102430495B1 (ko) * 2021-08-04 2022-08-09 삼성전자주식회사 저장 장치, 호스트 장치 및 그것의 데이터 전송 방법
CN113660085B (zh) * 2021-08-13 2023-06-06 北方工业大学 一种基于量子同态加密的量子安全多方计算方法
US12015691B2 (en) 2021-09-23 2024-06-18 International Business Machines Corporation Security as a service for machine learning
KR20230161779A (ko) * 2022-05-19 2023-11-28 서울대학교산학협력단 동형자리바꿈 연산을 수행하는 방법 및 기기
KR102657928B1 (ko) * 2022-10-11 2024-04-15 전북대학교산학협력단 전력조절 시공간 블록부호의 다중 안테나 시스템에서의 통신 보안시스템 및 그 통신 보안방법
CN116455575B (zh) * 2023-06-16 2023-10-10 北京天润基业科技发展股份有限公司 一种密钥生成、加密、解密方法、电子设备及存储介质

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7620625B2 (en) * 2004-05-20 2009-11-17 Ntt Docomo, Inc. Method and apparatus for communication efficient private information retrieval and oblivious transfer
EP1815637B1 (en) * 2004-11-16 2016-04-20 Koninklijke Philips N.V. Securely computing a similarity measure
US8515058B1 (en) * 2009-11-10 2013-08-20 The Board Of Trustees Of The Leland Stanford Junior University Bootstrappable homomorphic encryption method, computer program and apparatus
WO2012149395A1 (en) * 2011-04-29 2012-11-01 International Business Machines Corporation Fully homomorphic encryption
US8925075B2 (en) * 2011-11-07 2014-12-30 Parallels IP Holdings GmbH Method for protecting data used in cloud computing with homomorphic encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017193108A3 (en) * 2016-05-06 2018-07-26 ZeroDB, Inc. Encryption for distributed storage and processing
US10691817B2 (en) 2016-05-06 2020-06-23 ZeroDB, Inc. Encryption for distributed storage and processing
CN114073037A (zh) * 2019-05-09 2022-02-18 谷歌有限责任公司 Rlwe明文的压缩和未察觉地扩展
CN114073037B (zh) * 2019-05-09 2024-05-17 谷歌有限责任公司 Rlwe明文的压缩和未察觉地扩展
US20230185800A1 (en) * 2021-12-14 2023-06-15 International Business Machines Corporation Secure database-as-a-service system
US11860868B2 (en) * 2021-12-14 2024-01-02 International Business Machines Corporation Secure database-as-a-service system
CN116208316A (zh) * 2023-04-27 2023-06-02 蓝象智联(杭州)科技有限公司 节约存储空间的半同态加密方法、装置及存储介质
CN116208316B (zh) * 2023-04-27 2023-07-18 蓝象智联(杭州)科技有限公司 节约存储空间的半同态加密方法、装置及存储介质

Also Published As

Publication number Publication date
US20160191233A1 (en) 2016-06-30
US20140177828A1 (en) 2014-06-26
US10211975B2 (en) 2019-02-19
CN105122721B (zh) 2018-11-06
US9306738B2 (en) 2016-04-05
ES2598298T3 (es) 2017-01-26
CN105122721A (zh) 2015-12-02
WO2014100788A3 (en) 2014-08-21
EP2936731B1 (en) 2016-07-20
EP2936731A2 (en) 2015-10-28

Similar Documents

Publication Publication Date Title
US10211975B2 (en) Managed secure computations on encrypted data
US10868670B2 (en) Data processing method and apparatus
Liu et al. An efficient privacy-preserving outsourced calculation toolkit with multiple keys
Ott et al. Identifying research challenges in post quantum cryptography migration and cryptographic agility
US8559631B1 (en) Systems and methods for efficient decryption of attribute-based encryption
US9590807B2 (en) Identity based public key cryptosystem
Vahdati et al. Comparison of ECC and RSA algorithms in IoT devices
NL2013944B1 (en) Public-key encryption system.
KR101594553B1 (ko) 암호화 키를 생성하는 방법, 이를 위한 네트워크 및 컴퓨터 프로그램
Jayapandian et al. Secure and efficient online data storage and sharing over cloud environment using probabilistic with homomorphic encryption
Li et al. A simple fully homomorphic encryption scheme available in cloud computing
Arfaoui et al. Context-aware adaptive authentication and authorization in internet of things
AU2022315209A1 (en) Hybrid public-key and private-key cryptographic systems based on iso-rsa encryption scheme
Hassan et al. [Retracted] A Lightweight Proxy Re‐Encryption Approach with Certificate‐Based and Incremental Cryptography for Fog‐Enabled E‐Healthcare
Balasubramaniam et al. A survey on data encryption tecniques in cloud computing
Marandi et al. Lattice-Based Homomorphic Encryption For Privacy-Preserving Smart Meter Data Analytics
Singh et al. Dsse: distributed security shielded execution for communicable cyber threats analysis
Tutoveanu Active implementation of end-to-end post-quantum encryption
Waziri et al. Big data analytics and data security in the cloud via fully homomorphic encryption
Nithin et al. XBMRSA: A new XML encryption algorithm
Hayward et al. Parallelizing fully homomorphic encryption
US11949786B2 (en) Machine learning based cryptanalysis
Buop Data storage security for cloud computing using elliptic curve cryptography
Ansara et al. Security of Information in Cloud Computing: A Systematic Review
Apon Public-Key Cryptography in the Era of Quantum Computing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13821361

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
REEP Request for entry into the european phase

Ref document number: 2013821361

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2013821361

Country of ref document: EP